B Wooster wrote: > The CGI.pm that is currently available with FC7 is version 3.15. > That version has a problem - if a form is uploaded of size greater > than POST_MAX, the CGI script will peg the CPU until the web server > kills it (Apache has default 120 seconds timeout). This ends up > having problems on server, as well the client which now sees an > empty page, or a "cannot load web page" message. > > The latest versions of CGI.pm is 3.29 - using cpan to "install CGI" > will bring this latest version to a FC7 box. So, that is a > workaround for anyone else who is running CGI scripts on FC7 and > using POST_MAX. > > But - note that when perl/perl-lib gets update, an yum update will > revert back the CGI.pm to 3.15! (As it happened last week when I did > an yum update). That may be another issue - cpan updates and yum > updates. > > Still the key question I'm curious about - how does the FC7 repos > get updated? 3.15 CGI.pm is now quite old - when will FC7 get the > latest CGI.pm? Either the perl package will need to be patched to update CGI.pm or a new upstream perl release will need to include an updated CGI.pm. Basically, the version of CGI.pm used is what is in the perl tarball. This could get updated via a patch. Something similar was done to update from 3.08 to 3.10 a few years ago in perl 5.8.6[1]. The diff from 3.15 to 3.29[2] would need to be tested to ensure that it doesn't introduce new bugs. A possibly saner alternative than a wholesale upgrade would be to just patch CGI.pm to avoid the specific bug you're encountering (CPAN bug 19222[3]). Attached is an diff against the F-7 perl specfile and the patch to fix the POST_MAX bug. You should be able to grab the latest perl srpm, install it, apply the spec file patch, copy the POST_MAX bugfix patch to the rpm source dir, rebuild, and test. You could rebuild the perl rpm with this patch added and verify that it fixes the problem with POST_MAX, then file a bug requesting that the patch be included in an updated perl rpm. [1] https://bugzilla.redhat.com/show_bug.cgi?id=158036 [2] http://search.cpan.org/diff?from=CGI.pm-3.15&to=CGI.pm-3.29 [3] http://rt.cpan.org/Public/Bug/Display.html?id=19222 -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ God loves stupid people. That's why he made so many.
Index: perl.spec
===================================================================
RCS file: /cvs/extras/rpms/perl/F-7/perl.spec,v
retrieving revision 1.125
diff -u -p -r1.125 perl.spec
--- perl.spec 18 Aug 2007 08:48:08 -0000 1.125
+++ perl.spec 19 Sep 2007 13:50:01 -0000
@@ -20,7 +20,7 @@
Name: perl
Version: %{perl_version}
-Release: 23%{?dist}
+Release: 23%{?dist}.1
Epoch: %{perl_epoch}
Summary: The Perl programming language
Group: Development/Languages
@@ -118,6 +118,8 @@ Patch39: perl-5.8.8-disable_test_
# XXX: Fixme - Finish patch.
#Patch39: perl-5.8.8-bz204679.patch
Patch40: perl-5.8.8-U28775.patch
+# http://rt.cpan.org/Public/Bug/Display.html?id=19222
+Patch41: perl-5.8.8-ubz19222.patch
BuildRoot: %{_tmppath}/%{name}-%{perl_version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: tcsh, dos2unix, man, groff
BuildRequires: gdbm-devel, db4-devel
@@ -345,6 +347,7 @@ Basic utilities for writing tests.
%patch38 -p1
%patch39 -p1
%patch40 -p1
+%patch41 -p1
#
# Candidates for doc recoding (need case by case review):
# find . -name "*.pod" -o -name "README*" -o -name "*.pm" | xargs file -i | grep charset= | grep -v '\(us-ascii\|utf-8\)'
@@ -738,6 +741,9 @@ make test
%{_mandir}/man3/Test::Tutorial*
%changelog
+* Wed Sep 19 2007 Todd Zullinger <tmz@xxxxxxxxx> - 4:5.8.8-23.1
+- Fix upstream bug 19222, CGI.pm POST_MAX read loop
+
* Sat Aug 18 2007 Stepan Kasal <skasal@xxxxxxxxxx> - 4:5.8.8-23
- Remove unnnecessary parens from the License tags.
--- perl-5.8.8/lib/CGI.pm~ 2005-12-07 22:35:30.000000000 +0000
+++ perl-5.8.8/lib/CGI.pm 2006-08-21 22:35:19.000000000 +0100
@@ -508,17 +535,10 @@
# avoid unreasonably large postings
if (($POST_MAX > 0) && ($content_length > $POST_MAX)) {
- # quietly read and discard the post
- my $buffer;
- my $tmplength = $content_length;
- while($tmplength > 0) {
- my $maxbuffer = ($tmplength < 10000)?$tmplength:10000;
- my $bytesread = $MOD_PERL ? $self->r->read($buffer,$maxbuffer) : read(STDIN,$buffer,$maxbuffer);
- $tmplength -= $bytesread;
- }
- $self->cgi_error("413 Request entity too large");
- last METHOD;
- }
+ #discard the post, unread
+ $self->cgi_error("413 Request entity too large");
+ last METHOD;
+ }
# Process multipart postings, but only if the initializer is
# not defined.
Attachment:
pgplHBCV4PUus.pgp
Description: PGP signature
-- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
